Black Duck has expanded its Coverity static application security testing (SAST) platform with new AI-powered capabilities, enhanced regulatory compliance features, and improved developer workflows. The update introduces AI-assisted issue triage, AI coding agent integration, new security analysis capabilities, and Cyber Resilience Act (CRA) readiness features, helping organizations strengthen secure software development while maintaining deterministic and auditable security analysis.
Black Duck has unveiled the first AI-powered capabilities for its Coverity static analysis solution, extending its application security platform to support modern AI-assisted software development. The latest release combines deterministic static code analysis with AI-driven workflows while preserving transparency, reproducibility, and auditability.
The new AI capabilities are designed to operate with a customer's preferred large language model (LLM), allowing organizations to maintain full control over model selection, data residency, and processing environments. This approach is particularly important for enterprises operating under strict security, compliance, and governance requirements.
The update introduces AI-Assisted Issue Triage, which helps development and security teams reduce false positives and accelerate vulnerability analysis. The feature is specifically optimized for C and C++ projects while improving issue triage across all supported programming languages.
Black Duck also launched a new Security Scan Model Context Protocol (MCP) Server that enables AI coding agents to execute local Coverity scans and surface verified security findings directly within AI-assisted development environments. By integrating deterministic scan results into agentic workflows, developers can act on validated security insights rather than probabilistic AI-generated assumptions.
Additionally, Coverity now includes AI-powered detection for Insecure Direct Object Reference (IDOR) vulnerabilities in JavaScript and TypeScript applications, helping organizations identify authorization flaws that can expose sensitive resources.
To help organizations prepare for the European Union's Cyber Resilience Act (CRA), Black Duck has introduced several compliance-focused enhancements.
The new Security Impact Lens enables users to prioritize vulnerabilities based on their security impact, making it easier to identify issues that require immediate attention and align remediation efforts with regulatory expectations.
A new CRA-Aligned Checker option further supports compliance by automatically aligning scan results with cybersecurity and vulnerability management obligations defined by the Cyber Resilience Act. These capabilities are designed to simplify regulatory readiness while improving security governance across development teams.
The latest release extends Coverity's language support to Rust 1.92, allowing organizations developing modern systems software to benefit from static application security testing and code quality analysis.
Black Duck has also redesigned the Coverity user interface to improve navigation, issue filtering, and vulnerability triage workflows. The updated experience helps developers and security professionals efficiently review large volumes of findings while reducing manual effort.
"Coverity has set the gold standard for static analysis for more than two decades, and we're raising the bar by pairing its deterministic precision with the speed of AI, meeting customers where modern software development is heading," said Dipto Chakravarty, Chief Product & Technology Officer at Black Duck. "Code today is written, reviewed, and shipped by agents, and businesses have to move at machine speed to stay ahead. These updates deliver exactly that: AI that slashes triage time without sacrificing auditability, an MCP server that brings Coverity into agentic developer workflows, and new lenses and checkers that make CRA readiness operational, not aspirational."
With these enhancements, Black Duck extends Coverity beyond traditional static code analysis into AI-assisted development workflows while maintaining deterministic and reproducible security results. By combining AI-powered vulnerability management, compliance automation, expanded language support, and modern developer integrations, the platform helps organizations strengthen application security without compromising governance or regulatory compliance.
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at www.blackduck.com.